JP2002520682A - Copy protection with ticket encryption - Google Patents

Abstract

(57) Abstract An encryption scheme is provided between a device that communicates material content and an intended receiver of the content. Encryption is applied to tickets that carry the rights to copy and display. In a preferred embodiment, the encryption scheme is dynamic to allow device portability. At any time, the channel between the providing device and the receiving device may be configured to be dedicated to these two devices, and then the channel may be configured to be dedicated to the other set of devices. To prevent the use of devices in the system that are not based on agreement between manufacturers, devices based on agreements between manufacturers include a verifiable certificate of authenticity, and each device on the channel is After confirming the authenticity of the device, a channel is established.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001] The present invention relates to the field of entertainment systems, and more particularly to the protection of reproduction of copyrighted material.

[0002] Digital recordings have the unique property that the recorded material has the same quality as the original. Therefore, a copy protection scheme that is effective for the protection of digitally recorded copyrighted material is particularly important. A cost-effective method of copy protection is described in the July 1997 Philips Electronics R, incorporated by reference.
esonse to Call for Proposals Issued by the Data Hiding Subgroup Copy Pro
detailed by Jean-Paul Linnartz outside of the tection Technical Working Group (“Linnartz”). The Linnartz scheme works by attaching "tickets" to recorded material. The ticket includes an identifiable "count" that is decremented at each stage of the playback and recording process and is difficult to increment computationally. Computationally difficult processes are those that require an extremely large amount of time to complete for the potential gain that can be realized by spending the same time. The Linnartz scheme uses a hash function that gives a hash value from a seed value so that it is computationally difficult to determine the seed value given a hash value.

FIG. 1 is a diagram showing a Linnartz ticket scheme. Different inputs 101, 10
Multiple instances of player 110 and recorder 120 are used to indicate the same or another player 110 and recorder 120 having 2, 111, 112, 122, 132. Protected recordings, such as DVD discs, can be encoded as "copy never" 101 or "copy once" 102. The material content C also includes an embedded watermark W which is a hashed value of the physical mark P. Like a paper watermark, the watermark W is embedded in the recorded material so that it does not interfere with the representation of the material, but cannot be removed from the material without adversely affecting the quality of the material. The physical mark P is a code that can be read by the disc player 100 but cannot be removed from the disc medium without affecting the quality of the disc medium. The copy prohibition disk 101 may or may not include the ticket T.
The once-copyable disk includes an embedded watermark W obtained by hashing the physical mark P four times, and a ticket T that is a value obtained by hashing the physical mark P once.

[0004] According to the agreement between the manufacturers, the player 110 based on the agreement, when the embedded watermark W is a hash operation of the physical mark P once, or when the embedded watermark W Only when the hash calculation is performed or when the embedded watermark W is obtained by hashing the ticket T once, the recorded matter including the embedded watermark W is reproduced. Embedded watermark W, ticket T
, And other combinations of the physical mark P are considered to be illegal copies, and the player 11
0 does not play such illegal copies. If the recording is deemed to be an illegal copy, the player 110 provides as output the material C with an embedded watermark W and a modified ticket T ', which is a one-time hashing of the incoming ticket T I do. As shown, the player 110 determines that the embedded watermark W is a physical mark P
Is output from the copy prohibition disk 101 because it is equal to
1 and the output 112 from the replicable disk 102 once because the embedded watermark W is equal to the hash operation of the ticket T three times.

[0005] According to the agreement between the manufacturers, the recorder 120 based on the agreement only records the embedded watermark W and the ticket T if the embedded watermark W is a hash operation of the ticket T twice. Create a copy of. The copy prohibition output 111 does not have the watermark W embedded therein, which is obtained by performing a hash operation twice on the modified ticket T ′, and is not recorded by the recorder 120. Output 1 that can be duplicated once
Reference numeral 12 denotes an embedded watermark W obtained by hashing the physical mark P four times.
And a modified ticket T ′ obtained by hashing the original ticket T once.
And Since the original ticket T is obtained by performing a hash operation on the physical mark P once, the modified ticket T ′ is obtained by performing a hash operation on the physical mark P twice, and therefore, the embedded watermark W is the modified ticket W. T ′ is obtained by performing a hash operation twice. Since the embedded watermark W is obtained by performing a hash operation twice on the incoming deformed ticket T ′, the recorder 120 outputs the once-copyable material 112.
Is created. The recorder 120 adds the one obtained by hashing the incoming ticket T ′ once to the copy 122 as a new ticket T ″. The incoming ticket T ′ is obtained by hashing the physical mark P twice. , A new ticket T ″ is obtained by performing a hash operation on the physical mark P three times. The combination of the embedded watermark W, which is obtained by performing a hash operation once on the added ticket, is as follows:
Define a “prohibited duplication from the second time” recording.

In the Linnartz scheme, there is no limit on the number of copies made from a “one-time copy” disc 102. That is, by reproducing the original one-time copyable disc 102, an output including a material C having a converted ticket T ′ which is a hash calculation of the embedded watermark W and the incoming ticket T is performed once. Generated. Since the original ticket T is obtained by performing a hash operation on the physical mark P once, the converted ticket T ′ is obtained by performing a hash operation on the physical mark P twice, and the embedded watermark W is always converted. The ticket T ′ is obtained by performing a hash operation twice, and thus can be recorded. Mass production of the single-duplicable disc 102 can be done simply by operating multiple recorders 120, each receiving the output 112 of the player 110, in parallel. It should be noted that this mass production can be performed using a recorder 120 that follows the Linnartz ticket scheme.

[0007] As described above, the player 110 based on the agreement between the manufacturers can perform the operation when the embedded watermark W is a hash operation of the physical mark P once, or when the embedded watermark W is the incoming ticket. Is reproduced three times, or only when the embedded watermark W is obtained by hashing the incoming ticket once, the recorded matter including the embedded watermark W is reproduced. Copy prohibited copy 1 after the second time
Since the incoming ticket T "from H.22 hashes the physical mark P three times and the embedded watermark W has been obtained by hashing the physical mark P four times, the embedded watermark W This is a hash calculation of the ticket T ″ once, and is therefore a legally reproducible copy. The player 110 based on the agreement reproduces the legally prohibited copy-protected copy 122 from the second time onward, and performs a hash operation on the material C, the watermark W embedded therein, and the incoming ticket T ″ to form a modified ticket T ″. '
And produces an output 132 that includes The modified ticket T ′ ″ of the output 132 is obtained by performing a hash operation on the physical mark P four times.

As described above, the recorder 120 based on the agreement between the manufacturers includes the embedded watermark W and the ticket T only when the embedded watermark W is a hash operation of the ticket T twice. Create a copy of the recording. The second and subsequent copy prohibition outputs 132 do not have an embedded watermark W, which is the hashed version of the modified ticket T ′ ″ twice, and therefore are not recorded by the consensus recorder 120.

In the Linnartz scheme, it is assumed that player output based on agreement between the manufacturers can be displayed on a display device. That is, there is no restriction on display on the display device. The watermark W and the ticket T embedded in the output 132 of the player 110 based on the agreement are arranged so that the embedded watermark W is equal to the ticket T. Therefore, if constraints are imposed on the display device based on the embedded watermark W and the ticket T, it must be possible to display an output in which the embedded watermark and the ticket are equal. Thus, the attempted restriction on the display of copyrighted material under Linnartz's embedded watermark and trademark scheme is broken by replacing any ticket given by a copy of the embedded watermark. .

FIGS. 2 and 3 show a “pay-per-vi” from a service provider.
ew) shows the application of a prior art ticketing scheme to control the copying of copyrighted material communicated over a broadcast channel such as a "transmission". FIG. 2 is a diagram showing the transmission of the duplication-prohibited broadcast 201, and FIG. As is common in the prior art, broadcasts 201, 20
2 is encrypted. Conditional access decryptor 210 decrypts encrypted broadcasts 201, 202 to provide decrypted outputs 211, 212 including material content C, embedded watermark W, and ticket T. Conditional access decoder 210 may be used, for example, after an agreement made with a service provider for payment of a fee associated with receiving material content C, or after a "smart card" is inserted therein. "Cable box" for decoding incoming broadcasts
It can be.

As shown in FIG. 2, if the transmission is the copy-forbidden broadcast 201, the decrypted output 211 has an embedded watermark W that is equivalent to twice hashing the material content C and the physical mark P. And a ticket T which is also equal to the result of hashing the physical mark P twice. In the case of a broadcast, the "physical" mark P may be any code associated with the broadcast, or may relate to a broadcast attribute such as a modulated signal being broadcast. The source of the mark P should not be "available to the public", i.e. it is arbitrary, except that it cannot be easily determined. Other methods can be used to provide the appropriate ticket value. The service provider may supply a ticket that is a one-time hash operation of the physical mark P, and the conditional access decoder 210 performs a one-time operation on the incoming ticket as performed in a conventional player 110. It can be configured to apply a hash operation. Alternatively, the service provider may supply the twice hashed ticket directly, and the conditional access decoder 210 may simply pass the incoming ticket as the output ticket. As described above, the consensus-based recorder 120 creates a duplicate of the watermarked material only if the embedded watermark is a hashing of the incoming ticket twice. In this copy prohibition, the embedded watermark W is equal to the incoming ticket T, so the recorder 120 based on the agreement between the manufacturers does not create a copy of the copy prohibition material 211. On the other hand, the display device 220 based on the agreement between the manufacturers displays the copy prohibition material 211 because the embedded watermark is equal to the ticket.

As shown in FIG. 3, if the transmission is a once-copyable broadcast 202, the decrypted output 212 is embedded equal to the material content C, physical mark P, hashed four times. Includes a ticket T equal to the result of hashing the watermark W and the physical mark P twice. Since the embedded watermark W is equal to twice the hash operation of the incoming ticket T, the recorder 120 based on the agreement between the manufacturers produces an authorized copy 222 of the decrypted output 212 and the manufacturer The display device 220 based on the agreement between the two displays the decoded output 212. The copy 222 from the recorder 120 contains the material content C, the embedded watermark W, and the incoming ticket T as one.
Includes a modified ticket T 'that is equal to the hashed times. Since the incoming ticket T is equal to the physical mark P hashed twice, the modified ticket T 'is equal to the physical mark P hashed three times.

In the above-described disk scheme with a ticket, the recorder 12 based on a plurality of agreements is used.
0 is adapted to receive the output of the encryptor 210 and the corresponding plurality of replicas 22
Note that this produces 2. Also, a "blind" copy may be created that is not based on agreement between the manufacturers of the material 212, followed by an unlimited number of copies 2
22 is provided to a recorder 120 based on any agreement. "blind"
Replicas are essentially bit-to-bit replicas that do not alter the information when replicated. In the above-discussed disc scheme, the physical mark P is not transmitted with the duplicated information, so the presence of the physical mark P on the disc itself prevents the use of blind duplicates, and the consensus device uses the physical mark P Eliminates duplicates with embedded watermarks that are different from one hashed or four hashed of. However, in the broadcast example, if the physical mark P is communicated, it becomes part of the broadcast information and is therefore transferred with the information during blind duplication.

When the replica 222 is provided to the player 110, the player matches the embedded watermark W with the one-time hashing of the ticket T ′ to obtain the material content C, the embedded watermark W, and the incoming ticket. An output 232 is provided that includes a modified ticket T ″ that is equal to, or equivalent to, a single hash of T ′.

The recorder 120 based on the agreement between the manufacturers does not create a copy of the output 232 because the embedded watermark W is not a hash operation of the incoming ticket T ″ twice. Based on the agreement between the manufacturers. The display device displays the output 230 because the embedded watermark W is obtained by performing the hash operation twice on the incoming ticket T ″. A recorder that is not based on agreement between the manufacturers will simply generate a ticket T equal to the embedded watermark W
", The material content C displayed by the display device 220.
Authorized and non-authorized reproductions.

An object of the present invention is to prevent an unauthorized copy of a material from being displayed on a display device based on agreement between manufacturers. It is a further object of the present invention to prevent unauthorized duplication of material on a recording device based on agreement between the manufacturers. The present invention prevents unauthorized duplication of material on a recording device that is not based on agreement between the manufacturers and renders such unauthorized copies unusable on a compliant display or recording device. For a further purpose.

The above and other objects are achieved by providing an encryption scheme between a device that communicates material content and a receiver for this content. Encryption is applied to tickets that carry the rights to copy and display. Because of the portability of the device,
In the preferred embodiment, the encryption scheme is dynamic. At any one time, the channel between the providing device and the receiving device may be adapted to be dedicated to these two devices, and then the channel may be adapted to be dedicated to the other set of devices. To prevent the use of devices that are not based on agreement between manufacturers in the system, devices based on agreement between manufacturers include a verifiable certificate of authentication, and each device on the channel is The channel is established only when the authentication of the authentication is confirmed.

The present invention will be described in detail by way of example with reference to the accompanying drawings. FIG. 4 is a block diagram illustrating an example of a ticket processing scheme for controlling the display of copyrighted material according to the present invention. FIG. 4 shows a conditional access module 300 and a display device 400. The conditional access module receives a broadcast 301 that may or may not be encrypted, and may or may not be copy protected. Parentheses used in FIG. 4 indicate items that may or may not be present in a particular broadcast 301. The broadcast decoder 350 is a decoder that decrypts the broadcast 301 if it has been encrypted, and passes it unchanged if it has not been encrypted, so that the output 351 of the broadcast decoder is , The material content C, the watermark W embedded therein if present, and the related ticket T if present.

The ticket detector 340 outputs the ticket T 341 if it exists,
1 and the material content C and its embedded watermark W if present
, And transmits the ticket 341 to the ticket encryptor 330.
According to the present invention, the ticket decryptor 330 encrypts the ticket T using the key K321 and, as described in more detail below, an encrypted ticket that can only be decrypted by the currently associated display device 400. Generate E _K (T) 331. The material content C and the signal 342 of the watermark W embedded therein, if present, and the encrypted ticket E _K (T) 331 are converted into a signal 401 to be communicated by the display device 4.
00 is communicated.

The display device 400 processes the signal 401 to be communicated so as to generate the material content C and the signal 442 of the watermark W embedded therein if present, and the extracted ticket 431 if present. Includes a ticket detector 440. FIG.
If the conditional access module 300 is a device based on agreement between manufacturers according to the present invention, the extracted ticket 431 is equal to the encrypted ticket E _K (T) 331 as shown in FIG. If the signal 401 to be communicated is not from the conditional access module 300, the extracted ticket 431 will not be equal to the encrypted ticket E _K (T) 331. The ticket decryptor 430 will only generate the resulting ticket T if the key K'421 corresponds to the encryption key K321.
The extracted ticket 431 is decrypted based on the key K'421 so that 441 matches the original ticket T431. These keys correspond to each other if one key decrypts the encryption generated by the other key. In a symmetric key system,
The keys K321 and K'421 are equal to each other. In an asymmetric key system, the key K3
21 and K'421 are a secret key and a public key of a secret / public encryption key pair, respectively.

The display controller 460, based on the relationship between the embedded watermark W, if present, and the decrypted ticket T441, signals the material content C and, if present, the embedded watermark W 442 is controlled. According to the present invention, the material content C is displayed only when the following conditions are satisfied.

There is no embedded watermark. Or the embedded watermark W is equal to the decrypted ticket T441. Or equal to twice hashing the ticket T441 with the embedded watermark W decrypted.

The first condition corresponds to material content C that is not copy protected or display protected. The second condition corresponds to the copy prohibited state 212 and the second or later copy prohibited state 232 of the prior art ticket scheme as shown in FIGS. 2 and 3, respectively, and the third condition is shown in FIGS. This corresponds to the once-copyable state 222 of such a prior art ticket scheme. As described above, the embedded watermark W in the prior art ticket scheme, if present, is equal to the original ticket T341 in the copy prohibited state 212 and the second and subsequent copy prohibited state 232, and the original watermark in the once copied state 222. It is equal to the result of hashing the ticket T341 twice. The decrypted ticket T441 will only be used if the display device has a key K'421 corresponding to the key 321 in the conditional access module 300.
Therefore, the protected material content C is displayed only when the conditional access module 300 and the display device 400 have the corresponding keys 321 and K'421. Thus, if a blind copy of the signal to be communicated is created, it can only be displayed on the display device 400 having the key K'421 corresponding to the key 321.

FIG. 5 is a diagram illustrating a corresponding recorder 500 according to the present invention. Recorder 50
0, except that a duplicate controller 560 is placed instead of the display controller 460.
It is substantially the same as the display device 400. The duplication controller 560 permits duplication of the material content C only when the following two conditions are satisfied.

There is no embedded watermark. Or equal to twice hashing the ticket T441 with the embedded watermark W decrypted.

The first condition corresponds to material content C that is not copy protected or display protected. The second condition corresponds to the once-copyable state 222 of the prior art ticket scheme as shown in FIG. Since the decrypted ticket T441 becomes equal to the original ticket T341 only when the display device has the key K'421 corresponding to the key 321 in the conditional access module 300, the original ticket T341
Once-copy material C having an embedded watermark W equal to the result of hashing twice with the conditional access module 300 and the recorder 500
21 and key K'421 only. Thus, when a blind copy of the signal to be communicated is created, this is the key K'421 corresponding to key 321.
Can be copied only on the recorder 500 having Although multiple copies can be made by the same recorder 500 from blind copies of the signal 401 to be communicated,
The use of an encrypted ticket according to the present invention can prevent the simultaneous duplication of multiple copies, thereby minimizing the economic gain that can be realized by the production of protected material one by one. .

Various techniques are generally available for generating the corresponding encryption key 321 and key K ′ 421 (for ease of reference, the display device 400 or the recorder 50).
The term receivers 400, 500 is used to indicate 0). In the simplest case,
Each receiver 400, 500 has a private key associated with the identifier of the receiver 400, 500, and the conditional access module 300 has a list of public keys corresponding to each identifier. The public key forms the key K321 and the private key forms the key K'421. In this embodiment, the ticket encryptor 330 and the decryptor 430 are an asymmetric encryptor / decryptor pair. The same identifier and public / private key pair may be assigned to multiple receivers 400,500. A unique public / private key pair is assigned to each receiver 400,5
Assigning to 00 allows individual public keys to be revoked if copyright infringement is discovered.

Alternatively, FIG. 4 illustrates an explicit key generator 32 that generates keys 321 and K ′ 421.
0 and 420 are illustrated. One example of a set of key generators 320, 420 includes the "Diffie-Hellman" key exchange algorithm known in the prior art. In the Diffie-Hellman scheme, each key generator 320, 420 selects a large integer x, y of random numbers and a key parameter 325 containing a large prime number n and a number g of primitive roots of mod n, respectively.

The key generator 320 communicates X = g ^X mod n to the key generator 420, and the key generator 420 communicates Y = g ^Y mod n to the key generator 320. Then, the key generator 320 calculates K = Y ^X mod n, and the key generator 420 calculates K ′ = X ^Y mod n.

Thus, K and K ′ are both equal to g ^xy mod n. Since x and y are kept secret, the determination of keys K and K 'is computationally difficult. In this embodiment, the ticket encryptor 330 and the ticket decryptor 430 are symmetrical encryptor / decryptor pairs that use the same key value g ^xy mod n to encrypt and decrypt the ticket T, respectively. It is.

It should be noted that the two receivers 400, 500 do not generate the same key value in the conventional conditional access module 300 unless they both select the same random number y. In a preferred embodiment of the present invention, receivers 400 and 500 are formed such that the likelihood of simultaneously forming the same random number is minimized. As described above, by making the recorder 500 based on the agreement between the manufacturers parallel to the signal 401 to be communicated in comparison with the conventional ticket system, the material in the once-copyable state 222 is processed by the respective recorders 500. Duplication is not allowed. Similarly, as described above,
Forming a blind copy of the communicated signal 401 allows the recorder 500, based on agreement between the manufacturers with the legitimate key K ', to generate multiple copies one by one.

Further security may be provided by combining other security schemes. For example, FIGS. 4 and 5 illustrate the optional use of a corresponding pair of authenticators 310, 410 with a key generator 320, 420. Upon receiving trigger 346 from the ticket detector, authenticator 310 initiates the authentication process by requesting certificate 411 from authenticator 410. Certificate 411 is a verifiable digital certificate known in the prior art provided by the receiver manufacturer and containing the identification data of the particular receiver. The authenticator 310 verifies the certificate using a conventional digital signature verification technique, and transmits the verification result 311 to the key generator 320. In this way, the receivers 400 and 500 can be authenticated again upon receiving each material 301 to which the ticket is added. In this way, the receipt of the ticketed material by receivers that are not based on agreement between the manufacturers or specific receivers 400 and 500 whose authentication has been invalidated is prevented.

It should be noted that a suitable key K 321 corresponding to the key K ′ 421 is determined or generated periodically, randomly or upon receipt of the ticketed material 301 as described above. . In the preferred embodiment, a key is determined or generated even when a new communication path is established between the conditional access module 300 and the receivers 400 and 500. In this way, the conditional access module 300 can be reassigned or combined for different receivers 400, 500 as desired. The conditional access module 300 also includes, in the preferred embodiment, a pair of key generators 320, each associated with a channel, and a corresponding ticket encryptor 330.
It should be noted that The output 401 of one channel may be provided to the display device 400, for example, at the same time that the output 401 of the other channel is provided to the recorder 500, so that an authorized copy of the protected material may have an authorized viewing. It can be created as it is done.

In this embodiment, the output 401 of each channel has a different encrypted ticket depending on the receivers 400, 500 connected to each output 401. FIG. 6 is a flowchart illustrating the conditional access module 300 and the receivers 400 and 500 based on agreement between manufacturers according to the present invention. At step 610, the broadcast material is received at the conditional access module 300. If it is determined in step 620 that the broadcast material includes an encrypted material, the broadcast material is decrypted in step 625.

If it is determined in step 630 that the ticket is included, then in step 635 the ticket is encrypted using a key corresponding to the key in receivers 400 and 500 as described above. In step 640, the decrypted material and the encrypted ticket are transmitted to receivers 400 and 500. Upon reception, the receivers 400 and 500 determine whether the material includes a ticket. If it is determined in step 650 that the received material includes a ticket, in step 655 the received material is decrypted using the key associated with the receiver 400,500.

If it is determined in step 660 that the receivers 400 and 500 are the recorder 500, a test is performed in step 680 to determine whether the material can be copied. If there is no watermark W embedded in the material, or if the embedded watermark W matches the result of hashing the decrypted ticket twice, in step 685, if the material content and the The embedded watermark W is duplicated along with a hashed version of the decrypted ticket T as in the prior art ticket scheme. If the result of the test at step 680 is negative, the duplicate step (685) is ignored.

If it is determined in step 660 that the receivers 400 and 500 are the display device 400, a test is performed in step 670. If there is no watermark W embedded in the material, or if the embedded watermark W matches the decrypted ticket or the hashed result of the decrypted ticket three times, in step 675 the material content C Is displayed. If the result of the test at step 670 is negative, the display step (675) is ignored. Duplication, display,
Alternatively, after ignoring these, the process continues to step 690, and waits for reception of the next broadcast material in step 610.

The above description merely illustrates the principles of the invention. Thus, it will be apparent to one skilled in the art that modifications may be made to the principles of the present invention without departing from the spirit and scope of the invention, not explicitly shown herein. For example, the above-described ticket encryption scheme in a conditional access module receives a ticketed material from a conventional player 110, an unconditional access module, or a source and supplies it to an intended receiver 400, 500. Any other device that does this may be implemented. Similarly, details of a conventional ticket scheme are provided for explanation. Other ticket schemes that require only changes to the specific ticket tests 675, 685 to correspond to such a scheme may also be used.

In the drawings, specific functions and structures are shown for illustrative purposes only.
Other arrangements are possible. For example, the ticket encryptor 330 is used for the broadcast decryptor 35.
At 0, it may be located at the location of the provider of the broadcast 301 to be received with the ticket appropriately encrypted for decryption by the receivers 400, 500. In this embodiment, the conditional access module 300 includes means for communicating the identification information of the receivers 400, 500 to the provider. Similarly, some or all of the illustrated components of conditional access module 300 may include receivers 400, 50
0 or other device. It will be apparent to those skilled in the art that the above and other system configurations and optimization options can be made to the present invention without departing from the scope of the claims.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an example prior art ticket processing scheme for controlling the copying of copyrighted material on a physical medium.

FIG. 2 is a block diagram illustrating a prior art ticket processing scheme for controlling duplication of copyrighted material communicated over a broadcast channel.

FIG. 3 is a block diagram illustrating a prior art ticket processing scheme for controlling duplication of copyrighted material communicated over a broadcast channel.

FIG. 4 is a block diagram illustrating an example of a ticket processing scheme for controlling the display of copyrighted material according to the present invention.

FIG. 5 is a block diagram illustrating an example of a ticket processing scheme for controlling the copying of copyrighted material according to the present invention.

FIG. 6 is a flowchart illustrating an example of a ticket processing scheme for controlling the display or duplication of copyrighted material according to the present invention.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 5/91 H04N 7/16 Z 5D044 7/08 5/91 P 5J104 7/081 7/08 Z 7 / 16 (71) Applicant Groenewoodseweg 1, 5621 BA Eindhoven, The Netherlands F-term (reference) AA16 EA24 JA03 LA06 NA02 NA12 PA10

Claims (19)

[Claims] 1. A ticket detector for extracting from a source material with a ticket and an embedded watermark, and providing an encrypted ticket to be transmitted to a receiving device together with the material content with the embedded watermark. A ticket encryptor that encrypts the ticket based on a key that depends on the intended receiver of the material content. 2. The apparatus of claim 1, further comprising a broadcast decoder for decoding the broadcast transmission to form a source of material content having the ticket and the embedded watermark. 3. The apparatus of claim 1, further comprising a key generator for generating a key that depends on the intended receiver. 4. The apparatus of claim 3, wherein the key generator comprises a Diffie-Hellman key exchange system. 5. The device according to claim 1, further comprising an authenticator for authenticating the receiving device as an intended receiver. 6. A ticket detector for extracting an encrypted ticket and an encrypted ticket including material content having an embedded watermark from a received communication, and a ticket decryption for decrypting the encrypted ticket. A receiver comprising: a controller for determining display permission and / or reproduction permission based on the embedded watermark and the decrypted ticket. 7. The receiver of claim 6, further comprising a key generator that generates a key that is provided to a ticket decryptor to decrypt the encrypted ticket. 8. The receiver of claim 7, wherein the key generator comprises a Diffie-Hellman key exchange system. 9. The receiver of claim 6, further comprising an authenticator that provides a certificate to the device so that the received communication facilitates formation of an encrypted ticket. 10. The receiver of claim 6, wherein the controller determines at least one of display permission or copy permission based on at least one hash of the decrypted ticket. 11. The receiver according to claim 6, further comprising at least one of a display device and a duplication device. 12. Encrypting a ticket associated with the copyrighted material to form an encrypted ticket based on the intended receiver, and determining whether the receiving device is the intended receiver. Communicating the encrypted ticket with the copyrighted material to facilitate copyright enhancement depending on whether or not the copyrighted material is enhanced. 13. The method of claim 12, further comprising generating a key based on the intended receiver used in encrypting the ticket. 14. The method of claim 13, wherein generating the key comprises performing a Diffie-Hellman key exchange. 15. The method of claim 12, further comprising the step of authenticating the receiving device as an intended receiver. 16. Decrypting the encrypted ticket; and determining at least one of the display permission or the copy permission based on the decrypted ticket and a watermark embedded in the copyrighted material. How to enhance protection of copyrighted material, including steps. 17. The method of claim 16, further comprising generating a key to be used when decrypting the encrypted ticket. 18. The method of claim 17, wherein generating the key comprises performing a Diffie-Hellman key exchange. 19. The step of determining at least one of display permission or copy permission is based on a hash of the decrypted ticket at least once.
The method of claim 16.